3. TECHNOLOGY DEVELOPMENTS
End-to-end encryption (WhatsApp, Signal, OTR, Yahoo/Google
mail), peer-to-peer (Tor) systems
Storage encryption using client-held keys is relatively
straightforward – on devices (Android, iOS) and Cloud (e.g.
SpiderOak)
Homomorphic encryption in the cloud? Verifiable?
4. SECURITY FRAMING
FBI Director James Comey: “It makes more sense to
address any security risks by developing intercept
solutions during the design phase, rather than
resorting to a patchwork solution when law
enforcement comes knocking after the fact. And with
sophisticated encryption, there might be no solution,
leaving the government at a dead end — all in the name
of privacy and network security.” (2014)
UK Prime Minister David Cameron: “In our country, do
we want to allow a means of communication between
people which, even in extremis, with a signed warrant
from the home secretary personally, that we cannot
read?” (2015)
5. NATIONAL POLICIES
US: successful industry and civil society advocacy, European
country reaction (France), availability of foreign and open
source unrestricted software, and First Amendment cases resulted
in relaxation of export controls in Sept 1999.
India: RIM agreed early 2012 to set up Mumbai server allowing
lawful access to BlackBerry individual accounts. Enterprise
System accounts not “high concern”.
China: indigenous innovation policies; various govt attempts to
mandate Chinese non-public encryption algorithms and
protocols, esp. in (broadly-defined) CNI. Most have faded, but
ZUC algorithms accepted by ETSI as optional for 4G – mandated
in China?
Russia: GOST block cipher (other ciphers restricted import),
TPM import restrictions
P. Swire and K. Ahmad, Encryption and Globalisation, Columbia Science
and Technology Law Review, Spring 2012, Vol. 13, pp. 416-481
6. COUNCIL OF EUROPE PARLIAMENTARY ASSEMBLY
“17…Assembly strongly endorses…the
European Parliament’s call to promote the wide
use of encryption and resist any attempts to
weaken encryption and other Internet safety
standards, not only in the interest of privacy, but
also in the interest of threats against national
security posed by rogue States.”
“19.5 [urges States to] promote the further
development of user-friendly (automatic) data
protection techniques capable of countering
mass surveillance and any other threats to
Internet security”
7. UN SPECIAL RAPPORTEUR REPORT
“Encryption and anonymity, separately or together, create a
zone of privacy to protect opinion and belief. For instance, they
enable private communications and can shield an opinion from
outside scrutiny, particularly important in hostile political,
social, religious and legal environments. Where States impose
unlawful censorship through filtering and other technologies,
the use of encryption and anonymity may empower individuals
to circumvent barriers and access information and ideas without
the intrusion of authorities. Journalists, researchers, lawyers
and civil society rely on encryption and anonymity to shield
themselves (and their sources, clients and partners) from
surveillance and harassment. The ability to search the web,
develop ideas and communicate securely may be the only way
in which many can explore basic aspects of identity, such as
one’s gender, religion, ethnicity, national origin or sexuality.”
9. ISSUES
What are the similarities and differences in political economy
between the late 1990s (which resulted in crypto liberalisation in
the OECD member states) and today?
1. Interests of actors – industry (OTT providers, access and
core networks, OS and application vendors, smartphone
manufacturers, mobile operators), civil society (rights
advocates, safety/security campaigners…), states, INGOs
2. Which forums are key for decision-making?
Governance of rights, regulatory oversight and
accountability, and technical infrastructures.
Multi-stakeholder processes, multi-actor governance, and the
roles of civil society, advocates and technical developers.